VAR-201409-0425 — Vulnetix

Try Vulnetix Request Demo

VAR-201409-0425 PUBLISHED

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0559.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a

Timeline

Sep 10, 2014 CVE Published
Apr 21, 2015 PoC Published
May 29, 2018 PoC Published
Oct 9, 2020 PoC Published
Oct 9, 2020 PoC Published
Oct 9, 2020 PoC Published
Feb 6, 2025 PoC Published
Feb 23, 2025 PoC Published
Apr 17, 2026 Security Advisory
Apr 17, 2026 Security Advisory
Apr 17, 2026 Security Advisory
Apr 17, 2026 Security Advisory

References

GLSA-201409-05 vendor-advisory
adobe-flash-cve20140556-bo(95826) vdb
https://code.google.com/p/google-security-research/issues/detail?id=46 url
61089 third-party-advisory
openSUSE-SU-2014:1130 vendor-advisory
http://packetstormsecurity.com/files/131516/Adobe-Flash-Player-copyPixelsToByteArray-Integer-Overflow.html url
openSUSE-SU-2014:1110 vendor-advisory
http://googleprojectzero.blogspot.com/2014/09/exploiting-cve-2014-0556-in-flash.html url
SUSE-SU-2014:1124 vendor-advisory
69696 vdb
36808 exploit
http://helpx.adobe.com/security/products/flash-player/apsb14-21.html url
111110 vdb
1030822 vdb

Open in Interactive Console →